HECVAT Tab

Product

This tab evaluates the security features and data handling capabilities built into the product itself.

It focuses on authentication methods including SSO support, password policies, and participation in trust federations like InCommon.

Questions address authorization controls, audit logging, and whether passwords are securely stored rather than hard-coded or in plaintext.

The tab examines how the product manages user accounts, enforces access controls, and maintains security audit trails.

Categories

Explore the categories within the Product tab

Authentication, Authorization, and Account Management

Authentication, Authorization, and Account Management covers controls and questions related to that domain.

It outlines expectations institutions typically require from vendors.

The category helps assess risk posture and operational maturity.

It provides structure for consistent evaluation during security reviews.

Instructions for Solution Providers

Instructions for Solution Providers covers controls and questions related to that domain.

It outlines expectations institutions typically require from vendors.

The category helps assess risk posture and operational maturity.

It provides structure for consistent evaluation during security reviews.

General Information

General Information covers controls and questions related to that domain.

It outlines expectations institutions typically require from vendors.

The category helps assess risk posture and operational maturity.

It provides structure for consistent evaluation during security reviews.

Data

Data covers controls and questions related to that domain.

It outlines expectations institutions typically require from vendors.

The category helps assess risk posture and operational maturity.

It provides structure for consistent evaluation during security reviews.

Required Questions

Required Questions covers controls and questions related to that domain.

It outlines expectations institutions typically require from vendors.

The category helps assess risk posture and operational maturity.

It provides structure for consistent evaluation during security reviews.

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub